Tags: crypto 


## Process
#### Step 1
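Solve the server's proof-of-work (find the four characters `xxxx` for which `sha256(xxxx + suffix)` equals the digest the server sends) using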
`python exploit.py`
#### Step 2
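Measure the time the server takes to answer in each loop (I collected 240 timings because the flag has 120 bits; `rev.py` averages each timing with the one taken 120 rounds later). The response time depends on the flag bit being processed, which is the timing side channel this solution relies on.
The same exploit file does that.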

#### Step 3
Decode the averaged timings into bits (above 3 seconds is a `1`, otherwise a `0`), and then decode the bits into ASCII characters (the flag)
`python rev.py`

### exploit.py

```python
import hashlib, string, itertools, socket, re, time

# Timing samples in seconds. loop() appends to comp_run after the first read
# that follows a sent number and to normal_run after the second read; the
# top-level reads made before loop() starts also land in normal_run.
comp_run, normal_run = [], []
# Number of rounds loop() has completed.
count = 0

# Read one chunk from the server and hand it back as text.
def receive(index):
    """Return up to 2048 bytes read from the global ``connection``, decoded as ASCII.

    ``index`` is accepted but never used inside the function.

    Only one ``recv`` call is made, so the result may hold part of a server
    message or several messages at once. An empty string means the peer has
    closed the connection. Non-ASCII bytes raise ``UnicodeDecodeError``.
    """
    chunk = connection.recv(2048)
    return chunk.decode('ascii')

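# Proof-of-work solver: find xxxx such that sha256(xxxx + suffix) == target.
def crack(target, suffix):
    """Return the 4-character prefix whose SHA-256, with ``suffix`` appended, is ``target``.

    Args:
        target: expected digest as a hex string. It is compared verbatim with
            ``hexdigest()`` output, so it must be lowercase and carry no
            surrounding whitespace.
        suffix: the known tail of the hashed string.

    Returns:
        The matching prefix, drawn from the module-level ``chars`` alphabet.

    Raises:
        ValueError: if no 4-character combination matches. The original fell
            off the end and returned ``None``, which only surfaced later as a
            ``TypeError`` when the caller appended a newline to the result.
    """
    print("Cracking...")
    # The suffix never changes, so encode it once instead of once per candidate.
    tail = suffix.encode()
    for combo in itertools.product(chars, repeat=4):
        candidate = ''.join(combo)
        digest = hashlib.sha256(candidate.encode() + tail).hexdigest()
        if digest == target:
            return candidate
    raise ValueError("no 4-character prefix matches the target digest")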

def print_stuff():
    """Print a separator line, then the round counter and both timing lists."""
    print("\n\n=======================================")
    report = (
        ("Count", count),
        ("normal_run", normal_run),
        ("Comp run", comp_run),
    )
    for label, value in report:
        print(label, value)

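# Alphabet that crack() draws the four unknown proof-of-work characters from.
chars = list(string.ascii_lowercase + string.ascii_uppercase + string.digits)

# Plain TCP connection to the challenge service (netcat-style).
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.settimeout(100)
connection.connect(('52.163.228.53', 8081))

data = receive(0)

# Extract the known suffix and the expected digest from the first message.
# Raw strings keep "\(" and "\+" as regex escapes; in a plain string literal
# they are invalid string escapes that newer Python versions warn about.
suffix = re.findall(r'(sha256\(xxxx\+)(.*)(\))', data)[0][1]
# "." also matches "\r", so strip the capture: a stray line ending would make
# the digest comparison in crack() fail for every candidate.
target = re.findall(r'(== )(.*)', data)[0][1].strip()

print("Suffix", suffix)
print("Target", target)

prefix = crack(target, suffix)+"\n"

# Read the next server message, then send the solved xxxx.
data = receive(1)
# sendall() keeps writing until the whole answer is out; send() may stop early.
connection.sendall(prefix.encode())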

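# Timing loop (the author marked it as incomplete).
def loop(send):
    """Run timing rounds until the server stops answering.

    Each round sends a number, then times two consecutive reads: the first
    duration is appended to ``comp_run`` and the second to ``normal_run``.
    ``count`` is incremented and the collected samples are printed after
    every round.

    The original ended each round by calling itself with the bytes ``0`` plus
    a newline. A plain loop keeps the same order of operations without
    growing the call stack by one frame per round.

    Args:
        send: bytes sent in the first round; every later round sends ``0``
            followed by a newline, as the original self-call did.
    """
    global count

    payload = send
    while True:
        # Send Number
        connection.send(payload)
        # perf_counter() is monotonic, so a wall-clock adjustment in the
        # middle of a round cannot distort the measured interval.
        begin = time.perf_counter()
        reply = receive(2)
        elapsed = time.perf_counter() - begin
        if not reply:
            # receive() returns '' once the peer has closed the socket; that
            # read took no server time and must not be stored as a sample.
            return
        comp_run.append(elapsed)

        begin = time.perf_counter()
        follow_up = receive(3)
        elapsed = time.perf_counter() - begin
        if not follow_up:
            return
        normal_run.append(elapsed)

        count += 1
        print_stuff()
        payload = b'0\n'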

# Time the two reads made before the first round; both go into normal_run.
# NOTE(review): presumably these consume what the server sends before it
# accepts numbers. Confirm against the service.
for stage in (2, 3):
    start = time.time()
    data = receive(stage)
    normal_run.append(time.time() - start)

# Start the timing rounds with the number 0.
loop(b'0\n')
```

### rev.py

```python
a = [3.498908042907715, 0.0026412010192871094, 0.052269935607910156, 0.03831005096435547, 3.460819959640503, 3.4502880573272705, 0.04138898849487305, 3.6219370365142822, 0.37172698974609375, 3.961483955383301, 0.24434804916381836, 3.8698389530181885, 3.4856958389282227, 3.830312967300415, 0.008797883987426758, 3.382478952407837, 0.07659602165222168, 0.04383516311645508, 0.009193181991577148, 3.449849843978882, 0.049514055252075195, 3.435905933380127, 0.1377730369567871, 3.3851139545440674, 3.7431061267852783, 3.542675018310547, 0.008862018585205078, 3.43733286857605, 3.538872003555298, 0.0022878646850585938, 0.03807711601257324, 0.04100799560546875, 0.0027518272399902344, 3.4976861476898193, 3.4533140659332275, 0.03817105293273926, 0.04889798164367676, 3.375872850418091, 0.053225040435791016, 3.4699819087982178, 0.13020682334899902, 3.585277795791626, 0.21168899536132812, 0.03540515899658203, 3.7934389114379883, 3.678338050842285, 0.009164094924926758, 3.3994829654693604, 0.04587984085083008, 0.00896596908569336, 3.6095809936523438, 0.03856611251831055, 0.03725385665893555, 3.4140899181365967, 0.008322000503540039, 0.075408935546875, 3.4730019569396973, 0.23027706146240234, 3.8451430797576904, 3.5055389404296875, 0.10713005065917969, 0.04539299011230469, 0.001898050308227539, 0.03900504112243652, 0.010368824005126953, 3.565114974975586, 0.2641589641571045, 3.549673080444336, 3.9092459678649902, 3.63307785987854, 0.2431340217590332, 0.0358271598815918, 3.8886120319366455, 0.25333404541015625, 4.161765813827515, 0.03865790367126465, 3.4677820205688477, 3.792495012283325, 0.13210082054138184, 0.0057070255279541016, 0.04667520523071289, 0.04415297508239746, 0.08827400207519531, 0.03861880302429199, 3.9852688312530518, 0.03971290588378906, 0.03646492958068848, 3.626716136932373, 0.12420415878295898, 3.464578151702881, 3.5400278568267822, 3.4932901859283447, 0.049694061279296875, 3.4608020782470703, 0.04607701301574707, 3.547592878341675, 0.010358095169067383, 
3.5073940753936768, 0.07612895965576172, 3.544788122177124, 3.3615260124206543, 3.46486496925354, 0.04448699951171875, 0.05124807357788086, 3.368941068649292, 3.446528911590576, 0.008783102035522461, 3.5004589557647705, 3.469398021697998, 3.4449758529663086, 0.13963890075683594, 3.468502998352051, 3.445348024368286, 0.043894052505493164, 0.07938098907470703, 3.4412760734558105, 0.04313087463378906, 0.0022139549255371094, 0.03548693656921387, 3.4580581188201904, 3.454087972640991, 0.002362966537475586, 0.04665994644165039, 0.034677982330322266, 3.459244966506958, 3.4589498043060303, 0.040016889572143555, 3.537198066711426, 0.04996204376220703, 3.379323959350586, 0.1220860481262207, 3.4961910247802734, 3.4361679553985596, 3.4482839107513428, 0.008872032165527344, 3.34325909614563, 0.13284993171691895, 0.05230998992919922, 0.008661985397338867, 3.4381089210510254, 0.03975176811218262, 3.439020872116089, 0.07616806030273438, 3.432513952255249, 3.5412261486053467, 3.4617960453033447, 0.008430004119873047, 3.4500930309295654, 3.4368560314178467, 0.002878904342651367, 0.0406041145324707, 0.04441094398498535, 0.0028297901153564453, 3.571009874343872, 3.4489381313323975, 0.035028934478759766, 0.04702186584472656, 3.3904101848602295, 0.0444788932800293, 3.48464298248291, 0.04657316207885742, 3.4730072021484375, 0.1329951286315918, 0.047814130783081055, 3.393002986907959, 3.428607940673828, 0.009877920150756836, 3.4093379974365234, 0.04641604423522949, 0.008765935897827148, 3.535626173019409, 0.03949689865112305, 0.04478311538696289, 3.4649288654327393, 0.008722066879272461, 0.0874929428100586, 3.4647819995880127, 0.12919902801513672, 3.3927879333496094, 3.5488901138305664, 0.045308828353881836, 0.043157100677490234, 0.0017910003662109375, 0.03893017768859863, 0.010039806365966797, 3.4159278869628906, 0.03721213340759277, 3.5444979667663574, 3.360327959060669, 3.381150960922241, 0.11310005187988281, 0.042649030685424805, 3.4698071479797363, 0.13765501976013184, 
3.5163497924804688, 0.03763604164123535, 3.4564120769500732, 3.4446208477020264, 0.127424955368042, 0.0022649765014648438, 0.04570889472961426, 0.04671311378479004, 0.047807931900024414, 0.043313026428222656, 3.476408004760742, 0.03862595558166504, 0.03938412666320801, 3.4799818992614746, 0.04462599754333496, 3.3797149658203125, 3.5373120307922363, 3.5725700855255127, 0.04552102088928223, 3.4789249897003174, 0.052342891693115234, 3.544667959213257, 0.010431051254272461, 3.4245190620422363, 0.11621809005737305, 3.465669870376587, 3.3690550327301025, 3.82532000541687, 0.048358917236328125, 0.0458829402923584, 3.475714921951294, 3.4562110900878906, 0.00931406021118164, 3.539158821105957, 3.515889883041382, 3.455655097961426, 0.08021807670593262, 3.4609789848327637, 3.4675798416137695, 0.045725107192993164, 0.13623690605163574, 3.476425886154175, 0.04402494430541992, 0.02183699607849121, 0.05805206298828125, 3.7838659286499023, 3.438939094543457, 0.0025959014892578125, 0.04369497299194336, 0.03650784492492676, 3.458890914916992, 3.4641411304473877, 0.039858102798461914, 3.5483391284942627, 0.04551196098327637, 3.376100778579712, 0.07123994827270508, 3.5457799434661865, 3.3608510494232178, 3.5426759719848633, 0.009120941162109375, 3.528451919555664, 0.12403178215026855, 0.045152902603149414, 0.009646177291870117]

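# `a` (defined above) holds the recorded round timings in seconds. Samples i
# and 120 + i are averaged, so at least 240 values are required.
avg = [round((a[i] + a[120 + i]) / 2, 4) for i in range(120)]

# An averaged time above this many seconds is read as a 1 bit, otherwise 0.
SLOW_SECONDS = 3

bits = ''
for i in range(17):
    # Samples i, i + 17, ..., i + 6 * 17 form one 7-bit group that was
    # recorded in reverse order, hence the [::-1].
    group = ''.join(
        '1' if avg[j * 17 + i] > SLOW_SECONDS else '0' for j in range(7)
    )
    bits += group[::-1]

# The 17 groups yield 119 bits. avg[119] is never read; the author hard-codes
# the 120th bit as 1.
bits += '1'

# Decode whole bytes only. The original looped 17 times over this 120-bit
# string, so from the 16th iteration on it sliced an empty string and
# int('0b', 2) raised ValueError.
usable = len(bits) - len(bits) % 8
flag_bytes = bytes(int(bits[k:k + 8], 2) for k in range(0, usable, 8))
# A misread sample can produce a non-ASCII byte; show a replacement character
# for it instead of aborting the decode.
flag = flag_bytes.decode('ascii', errors='replace')
print(flag)

print("Bits", bits)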
```

Original writeup (https://github.com/hrca-writeups/CTF-Writeups/blob/master/2021/*CTF%202021/MyEnc.md).